Manufacturing Business, Technology and Lean Web Insights
Passing a PCI Compliance Security Audit
2/11/2010 by Michael Losapio
As part of the process to be PCI compliant, one of our eBusiness
customers recently underwent a security scan by their processor's
PCI audit vendor. The results of the initial scan of their
eCommerce website were less than I'd expected - a failure.
Failure?!? How? Why?
1. "The remote service accepts connections encrypted using SSL
2.0."
2. "Possible cross site scripting"
#1 was simple enough to resolve... make a quick registry change,
reboot the server, and you're done (see Microsoft's instructions; the
change is to add a DWORD value named Enabled, set to 0, under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server).
Why did we need to do this? SSL 2.0 has design flaws that can't be
patched: its handshake isn't integrity-protected, so a "man in the
middle" can tamper with the negotiation and force the weakest cipher
the server still offers, and its message authentication is weak enough
that someone sitting between the browser and the server could
potentially intercept and alter the data transmission, unbeknownst to
those at either end. Browsers that can speak SSL 3.0 or TLS negotiate
those instead, so switching SSL 2.0 off on the server doesn't lock any
real customers out.
For any eBusiness with an SSL certificate on its eCommerce website,
thinking it is providing safe commerce to its customers - beware. The
certificate only proves who you are; which protocol versions and
ciphers the server will accept is a separate setting, and you may be
vulnerable without knowing it.
#2, in my opinion, was crap. Here's the situation - we have a
textbox on the webpage that takes user input and appends it to the
querystring while redirecting to the search results page. This
search results page takes the search criteria from the querystring
and passes it to a stored procedure that scrubs it for SQL
injection and returns the results. One additional thing the page
does is display the search criteria in a label. Sounds pretty
straightforward, right? Apparently, since we weren't HTML-encoding the
search criteria before displaying it on the page, we were
"vulnerable" to cross-site scripting.
I did not agree at first - the definition (thanks Wikipedia!) of
cross-site scripting is "a type of computer security vulnerability
typically found in web applications which enable malicious
attackers to inject client-side script into web pages viewed by
other users." The key here is "other users." Sure, the page ran
whatever script was entered into the Search textbox, but if the
hacker types it in himself it only runs in his own session.
Congratulations, Mr. Hacker! You just fell victim to your own script!
The catch, and the reason the scanner is right, is that the search
criteria travels in the querystring: the attacker doesn't type
anything into our site, he builds a link to our search results page
with the script in the URL and sends it to one of our customers. When
that customer clicks it, our page reflects the script back and the
customer's browser runs it in the context of our site, with that
customer's session cookie. That is reflected cross-site scripting,
and it is exactly the "other users" case. So I sucked up my pride and
added code to HTML-encode the search criteria where the results page
displays it (encoding at output, rather than scrubbing the input
before the redirect, is the fix that holds up) - you win this round,
PCI Compliance...
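To make the "other users" point concrete, here is an added example (not code from the original post) that stands in for the search page described above: a textbox whose value goes into the querystring, and a results page that echoes the criteria back into the search box and a label. The store URL, element names and the two payloads are made up for illustration; the vulnerable rendering and the encoded rendering sit side by side, and the attacker's link is built the way a real one would be.

```python
# Added example, not code from the original post: a Python stand-in for the
# search page described above (textbox -> querystring -> results page that
# echoes the criteria). Store URL, element names and payloads are made up.
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

SEARCH_PAGE = "http://shop.example/search.aspx"  # hypothetical store


def attacker_link(payload: str) -> str:
    """The attacker never types the script into the search box himself.
    He builds the store's own search URL with the script in the querystring
    and gets a victim to click it (email, forum post, shortened link).
    The victim's browser then runs the script with the store's cookies."""
    return SEARCH_PAGE + "?" + urlencode({"q": payload})


def search_term_from_url(url: str) -> str:
    """Server side: what the results page reads back out of the querystring."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_results_vulnerable(term: str) -> str:
    """As the page was found: the raw criteria lands in the search box's
    value attribute and in the results label with no encoding."""
    return (f'<input type="text" name="q" value="{term}">'
            f'<span id="lblCriteria">Results for: {term}</span>')


def render_results_fixed(term: str) -> str:
    """The fix: HTML-encode at output time. quote=True also turns " and '
    into entities, which is what stops the value="..." attribute from being
    broken out of (encoding only < and > would leave the attribute case open)."""
    safe = escape(term, quote=True)
    return (f'<input type="text" name="q" value="{safe}">'
            f'<span id="lblCriteria">Results for: {safe}</span>')


def reflected_unencoded(rendered: str, term: str) -> bool:
    """True when the user-supplied term appears verbatim in the markup,
    i.e. any markup characters in it are live rather than entity-encoded."""
    return term in rendered


# Two constructed payloads: one that works in the label (a text node), and
# one that needs no <script> tag at all because it breaks out of value="...".
PAYLOAD_TEXT = "<script>alert(document.cookie)</script>"
PAYLOAD_ATTR = '" onfocus="alert(document.cookie)" autofocus="'


def demo() -> dict:
    """Run both payloads through the attacker link, the querystring parse,
    and both renderings; report whether the script is live in each."""
    results = {}
    for name, payload in (("text", PAYLOAD_TEXT), ("attr", PAYLOAD_ATTR)):
        link = attacker_link(payload)
        term = search_term_from_url(link)  # round-trips the payload intact
        results[name] = {
            "link": link,
            "vulnerable": reflected_unencoded(render_results_vulnerable(term), payload),
            "fixed": reflected_unencoded(render_results_fixed(term), payload),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name}: link={r['link']}")
        print(f"  script live in vulnerable page: {r['vulnerable']}")
        print(f"  script live in fixed page:      {r['fixed']}")
```

The second payload is the one worth remembering: it contains no `<script>` tag, so a filter that only strips script tags from the input would pass it, while encoding the quote character at output time defeats it. On the ASP.NET stack the equivalent of `escape` is `HttpUtility.HtmlEncode` (or `Server.HtmlEncode`); note that an `asp:Label`'s Text property renders as-is, so the encoding has to be done explicitly, and ASP.NET's request validation, which rejects the most obvious `<script>` payloads by default, is a blocklist rather than a substitute for encoding.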
So after implementing both "fixes," the eCommerce website passed the
scan (strictly, a passing quarterly external scan is one piece of PCI
compliance validation, alongside the self-assessment questionnaire,
not the whole of it). I'm sad, though, that I can no longer
search for <script>You're an awesome guy!</script> and
have the browser give me a little pat on the back for doing a good
job.
2010 Georgia Legislative Report by GIA
1/27/2010 by Administrator
Contributed by: Lee Lemke, Executive Vice President,
Georgia Industry Association

Scroll down for the very latest industry news from the
State Capitol.
The Georgia Industry Association is tracking state
legislation that could potentially impact industry and
manufacturing business. From new leadership in the state
House to expected budget short-falls and a gubernatorial election
on the horizon, GIA keeps us up-to-date on important changes at the
Georgia Capitol.
Senate Appropriations Chairman Jack Hill said, "With January
marking the halfway point for fiscal year 2010, Georgia's overall
total revenue collection shortfall now stands at $1.148 billion or
-13.7%."
Transportation
Governor Perdue released his recommendations for the amended
FY2010 budget and the recommended budget for FY2011. The
FY2010 amended budget calls for a further reduction of the state
budget from $18.6 billion to $17.4 billion by the end of the fiscal
year ending June 30.
The 2010 budget recommendation includes $300 million in
bond projects for transportation. The Governor laid out a
vision for committing a similar amount in the future budgets, which
total as much as $3 billion over the next decade. The bonds will be
paid back using state general funds rather than motor fuel taxes,
which are declining at a time when transportation needs are
increasing.
"This is the ultimate accountability system, the DOT will be
responsible for delivering projects, and the legislature will
answer to the voting taxpayers in deciding whether to continue
making these investments," the Governor said.
Voters in each region will have the ability to decide on new
transportation improvements by voting on a one percent sales
tax. If the district votes yes, the additional sales tax
collected in their district will be used to fund their list of
projects. If the district votes no, the tax will not be levied.
The Governor also recommended $68 million for the deepening of
the Savannah River Harbor. The joint federal-state project will
deepen the shipping channel from 42 feet to 48 feet allowing the
world's biggest ships to call on the Savannah Port.
Read more about legislative activity affecting industry
during the 2010 Legislative Session:
Week 1
Week 2: Governor Perdue's budget
recommendations for FY2010 and FY2011.
Week 3
Week 4
Week 5
eCommerce - Measure Your Conversion Rate
1/25/2010 by Jack Burnett
The conversion rate may be the most important web metric for an
eCommerce website. A good conversion rate matters because
conversions lead to sales, and sales lead to profits.
The definition of conversion rate is:
Conversion rate (%) = (Number of sales / Number of unique visitors) x 100
Customers ask me what is a good conversion rate. The
answer is simple - your conversion rate should be high enough for
you to be profitable. It may only be 1% or 3%,
or you may need a 15% conversion rate to be profitable.
For an eCommerce site, you can measure your monthly conversion
rate manually:
- Find the total number of unique visitors to your website in a
month no matter how they find your site (direct and referrals)
- Calculate the total number of sales in a month.
At TwinEngines, we use MediaChase as our eCommerce technology
platform, and we implement Google Analytics to track website
performance. Our customers log into their eCommerce management
website and find the total number of sales. They get their
total number of visitors from the Google Analytics dashboard.
I recommend measuring your conversion rate over a calendar year
to get a complete understanding. You'll be able to break the
year down into seasonal periods and around other outside events
that influence your sales.
Here is a link to an article on an automatic way to
measure conversion rates using Google Analytics.
ERP Software Selection Resource
1/22/2010 by Jack Burnett
At TwinEngines, I help companies participating in the
manufacturing value chain solve issues with manufacturing
technology based solutions. For small and mid-market
manufacturers, the ERP system may be the most costly
technology investment in the company. If your company uses
75% of the functionality of an ERP system, then I consider that a
success. For the remaining 25% that covers your unique
processes, custom ERP extensions built on a flexible
framework that integrates with the ERP are often the most efficient
and effective answer. Those ERP extensions are one of
the solutions TwinEngines has been delivering for the past 15
years.
Our industry experience enables us to integrate many of the
leading ERP/MRP/Financial systems for small, mid market
organizations. Products like Microsoft Dynamics, Macola,
Infor Visual, SyteLine, SysPro, Ross Systems, Epicor Vantage,
Glovia, BAAN, Sage's MAS products, Intuit's QuickBooks, and
more.
One of the key value propositions at TwinEngines is
our ability to help companies determine if they need an ERP
system or if they should leverage custom and best of breed
applications. If ERP is the answer we bring in our partners
and other organizations to help.
Top10ERP.org is a great resource for
manufacturers to get an unbiased picture of the ERP landscape for
manufacturing. While we work primarily with discrete
manufacturers, Top10ERP.org categorizes ERP systems for most modes
of manufacturing including: process, mixed-mode, engineer-to-order,
make-to-order, light assembly, shop floor/job shop and
distribution. It also sorts by industry and has whitepapers
and case studies to help you understand ERP.
A resource like Top10ERP.org coupled with TwinEngines' strategic
manufacturing technology consulting leads to manufacturing
technology solutions that are the right fit and the best value for
your company.
Bluetooth Manufacturing Technology
1/18/2010 by Jack Burnett
With a computer engineering and robotics background, I love to
stay abreast of technology for manufacturing companies and small
companies participating in the manufacturing value chain. At
TwinEngines, I'm particularly interested in manufacturing
technology that integrates to information systems we build for
manufacturers in Georgia and the Southeast. I recently
read about Bluetooth technology in warehouses and
distribution centers that integrates easily with our
shop-floor production software systems. Most of us have
experienced Bluetooth technology with our cell phones and with the
keyboards and mice for our PCs. The benefit is that we are not tied
to one location, and we can free up our hands to do other
things.
Now there are Bluetooth-enabled barcode scanners, a great
example of manufacturing technology in the warehouse improving
productivity. The LXE Bluetooth Ring Scanner fits on a finger
so loaders can still use both hands to load products. The
scanner on the finger transmits the data to a computer located on
the forklift or at a central location. Time savings in the 20-30%
range have been reported versus mobile hand-held
scanners. Other benefits are the ability to track
products moving through the warehouse and the ability to load
different parts or products into one crate more quickly.
Read the article here at "Manufacturing Business
Technology".